Please evaluate this for security and extensibility. It's not that long, I hope.
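/**
 * Verify the credentials posted in `twp_user` / `twp_pass` against the user table.
 *
 * Looks up the row for the posted user name, recomputes
 * SHA256::hash(salt . '-' . password) and compares it with the stored hash.
 * This function only answers "are these credentials valid"; it starts no
 * session and does nothing to limit repeated attempts.
 *
 * SECURITY NOTE (review): a single round of salted SHA-256 is a fast hash, so
 * a leaked user table can be guessed against cheaply. A dedicated password
 * hashing scheme (password_hash()/password_verify() where the PHP version
 * allows it) would be the better storage format, but switching requires
 * migrating the stored `user_passhash` values, so it is only flagged here.
 *
 * @return bool true when the posted password matches the stored hash,
 *              false on missing/malformed input, query failure, unknown
 *              user or mismatch.
 */
function login() {
    $TWP_GLOBAL =& TWP_Global::instance();
    $DB =& $TWP_GLOBAL->registryGet('adodb');

    // Both fields must be present AND plain strings. PHP turns a request
    // parameter such as twp_pass[]=x into an array, which would otherwise be
    // concatenated into the hash input as the literal text "Array".
    if (!isset($_POST['twp_user'], $_POST['twp_pass'])) {
        return false;
    }
    if (!is_string($_POST['twp_user']) || !is_string($_POST['twp_pass'])) {
        return false;
    }

    // arep() is defined elsewhere; what it does to the user name is not
    // visible here. The value is bound as a query parameter below, so it is
    // not interpolated into the SQL text either way.
    $USERNAME = arep($_POST['twp_user']);
    $PASSWORD = $_POST['twp_pass'];

    // Compare the password with '' explicitly: a plain truthiness test would
    // also reject the password "0". The user name keeps the original
    // truthiness test because arep()'s return type is unknown.
    if (!$USERNAME || $PASSWORD === '') {
        return false;
    }

    // The table name is interpolated into the statement text.
    // NOTE(review): presumably tablesGet() returns a configured, trusted
    // identifier; confirm it can never carry request data.
    $t_user = $TWP_GLOBAL->tablesGet('user');
    $result = $DB->Execute("
        SELECT `user_rights`, `user_passhash`, `user_salt`
        FROM `$t_user`
        WHERE user_name = ?
    ", array($USERNAME));

    // Execute() yields a falsy value on failure, but an unknown user gives a
    // valid, empty recordset; without the EOF test the code would go on to
    // read fields from a row that does not exist.
    // NOTE(review): this early return skips the hash computation, so the
    // response time can differ between known and unknown user names.
    if (!$result || $result->EOF) {
        return false;
    }

    // Cast so that a NULL column behaves like an empty string, as it did in
    // the string concatenation before.
    $salt = (string) $result->fields['user_salt'];
    $passhash = (string) $result->fields['user_passhash'];

    $expect = SHA256::hash($salt . '-' . $PASSWORD);
    if (!is_string($expect)) {
        return false;
    }

    // Prefer a constant-time comparison so the check does not reveal how many
    // leading characters of the hash matched. hash_equals() is missing on
    // older PHP versions; there the original strict comparison is kept.
    if (function_exists('hash_equals')) {
        return hash_equals($passhash, $expect);
    }

    return $expect === $passhash;
}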